aztfmod/pr-compliance-check
.github/skills/pr-compliance-check/SKILL.md
Validate a pull request against the project's contribution checklist. Checks that resourceDefinition.json changes trigger models_generated.go regeneration, README is updated, CHANGELOG is updated, and tests pass. Triggers on: PR opened, PR updated.
$ install --global
skillsauthnpx skillsauth add aztfmod/terraform-provider-azurecaf pr-compliance-checkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 7:18 PM36.7s1 file scanned
SKILL.md
- name:
- pr-compliance-check
- description:
- Validate a pull request against the project's contribution checklist. Checks that resourceDefinition.json changes trigger models_generated.go regeneration, README is updated, CHANGELOG is updated, and tests pass. Triggers on: PR opened, PR updated.
PR Compliance Check
Procedure
1. Identify changed files
git diff --name-only origin/main...HEAD
2. Check compliance rules
| Rule | Condition | Check |
|------|-----------|-------|
| Generated code fresh | resourceDefinition.json changed | models_generated.go must also be changed |
| CHANGELOG updated | Any code change | CHANGELOG.md must be modified |
| README updated | Resource added/removed | README.md must be modified |
| Tests pass | Any code change | make build must succeed |
3. Verify generated code
If resourceDefinition.json is in the diff:
go generate
git diff --name-only azurecaf/models_generated.go
If there are uncommitted changes to models_generated.go, the PR has stale generated code.
4. Report
If compliant:
✅ PR Compliance: PASSED
- [x] Generated code is fresh
- [x] CHANGELOG updated
- [x] README updated (if applicable)
- [x] Tests pass
If issues found:
⚠️ PR Compliance: ISSUES FOUND
- [ ] <issue description>
- [x] <passing check>
Provide specific remediation steps for each failing check.
Related Skills
aztfmod/test-failure-diagnosis
development
VerifiedTrustedCommunity
Analyze test failure output to identify root cause and suggest fixes. Use when build or test failures occur. Triggers on: test failures, build errors, CI failures.
183SKILL.mdUpdated Apr 3, 2026
aztfmod/terraform-mock-test
development
VerifiedTrustedCommunity
Validate a resource definition end-to-end using terraform test with mock_provider azurerm. Proves the CAF-generated name is accepted by the azurerm provider schema without Azure credentials. Use after provider-build-test succeeds to run the mocked azurerm integration test.
183SKILL.mdUpdated Apr 3, 2026
aztfmod/semver-assessment
documentation
VerifiedTrustedCommunity
Analyze changes since the last release tag and determine the appropriate semantic version bump (patch/minor/major) based on CHANGELOG entries and commit types. Triggers on: release preparation, version planning.
183SKILL.mdUpdated Apr 3, 2026
aztfmod/resource-diff-report
testing
VerifiedTrustedCommunity
Compare two versions of resourceDefinition.json (e.g., branch vs main) and produce a structured change summary. Triggers on: PR review, audit, before/after comparison.
183SKILL.mdUpdated Apr 3, 2026